Online threats, such as malware and technologies for tracking a user's online activity, continue to grow. Remaining safe while using the Internet has become a challenge both for individuals and for organizations. Protecting an organization's private computer network from online threats is particularly problematic due to the security challenges raised by the diversity of an organization's employees' tasks and business, ranging from e-mailing to accounting to Web-development, processes that typically take place on the organization's network.
The problem is further exacerbated due to a large and disparate population of devices across which Information Technology (IT) departments of organizations must enforce security policies. Generally, organizational IT departments either rely on third party software for remote computer administration, such as commercial security software for enforcing firewall protection, or provide their employees with a series of tutorials specific to different device configurations, such as the steps to configure a Virtual Private Network Connection (VPN) connection on the employees' mobile devices.
With the proliferation of the so-called “Bring Your Own Device” culture, which involves employees supplying their own computing devices for work-related purposes, organizations have struggled to balance employee convenience and security policy enforcement. Standard security policies include blacklisting specific websites, limiting time spend online, mandating the use of encryption software, and user access control to specific services (such as internal Wikis, blogs or other web services). Individuals have also faced non-organization-specific issues, such as technologies that track a user's Internet activities, which raises personal privacy concerns.
Current protections from these online threats at an individual and at an organization level are insufficient. For example, the anonymizing service Tor™ (previously an acronym for “The Onion Router”) developed by the Tor Project Inc. of Walpole, Mass., conceals a user's IP address, location, and Internet activities by routing the user's Internet traffic through multiple nodes. Layered encryption is used at each of the nodes. The Tor™ service requires an advanced knowledge of the applications being used or a willingness to make a change in the user's Web-browsing habits. For instance, using the Tor™ service requires the user to either configure each online application on his computing device to route traffic through the Tor™ service, or to use the Tor™ service Web-browser. Furthermore, some applications cannot be configured to be used with the Tor™ service, and thus a user may not be able to keep all Internet traffic private.
The Safeplug™ device, developed by Cloud Engines, Inc. of San Francisco, Calif., requires a user to connect the device to his Internet router. The user must then visit a specific Webpage to enable the Safeplug™ device to direct the user's Internet traffic through the Tor™ service. As the Safeplug™ device requires the user to have physical access to an Internet router, such as via an Ethernet cable, the Safeplug™ device physically limits where the user can browse the Internet anonymously.
Therefore, there is a need for a way to accommodate the “Bring Your Own Device” work-place culture without endangering the security of a network of an organization and for providing personal privacy protection from online threats.